General

  • Target

    file.exe

  • Size

    1.2MB

  • Sample

    230109-17xpysga67

  • MD5

    9e73e75365e825c8352f8d178e9d3a4b

  • SHA1

    48b64b4912e072adb4af8bf8c7965c203288f6ab

  • SHA256

    196d311300f84070ace52720f49b0e72f14ce858941a0ae005012d9adbd4bf6a

  • SHA512

    7b111abb258c2df93077931efad25953bed527324d57be044dba3db2edfecd909d5ebbee3939b206db58cb723fc7d4b99b1033f731e51b32bce8b4d712b78591

  • SSDEEP

    24576:R20ZqVdkJSYscx3N/usUPdRXTN2SijNV9Ojzjy2q/h+ciKDauzupYCSkl5l/Hlc:R2zYscxd2sSdRjNajz9Ojyb/hhiyauzV

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6
